Sunday, July 28, 2024

How The CrowdStrike Attack Will Translate Into Water Supply Attacks

 


The effects of the CrowdStrike Supply Chain Attack from last Friday are still being felt, especially the ripple effects on the major airlines. But, more than that, people are still wondering how a software update could cause so much turmoil around the world.

Although it will take some time to unravel all of this, the bottom line is the sheer level of interconnectivity among devices, both physical and digital, that exists today. Just one little flaw or vulnerability can be exploited very quickly by a Cyberattacker, and cause even more devastation.

Even though CrowdStrike claims that this was an error in the actual patch, it was a Cyberattack. But only time will tell. This attack also underscores yet another area in our American society that still eludes the security pundits today: how to protect our Critical Infrastructure from a large-scale Cyberattack. Unfortunately, the answer is that there is no clear-cut solution.

The primary reason for this is that many of the systems that support our Critical Infrastructure were designed back in the 1960s and 1970s. Many of the vendors who created them are either no longer in existence, or have merged with another company.

Therefore, finding the parts to replace these legacy components is close to impossible. If anything, new ones will have to be created, which could take months or even years.

The other issue here is that when these components were built, Cybersecurity was not even a concept that was thought about. All of the attention was paid to physical access security. So, even trying to add new software packages to the ones that are already in place is by no means an easy task.

For instance, the main risk is that of interoperability between the two. If they don’t work together, then the chances are much greater that something even worse could go wrong.

In the last couple of years, we have seen attacks on our Critical Infrastructure actually happen. Probably one of the best examples was the attack on the Colonial Gas Pipeline. Deliveries were delayed for over a week, and the futures markets that trade in this were also rattled. In the end, the CEO paid a ransom of well over $4 million.

Now, one of the greatest fears is that something like this could happen to our precious water supply. Can you imagine not having a fresh water supply for over a week? If this were to happen, we would all perish. While the fix to this is very difficult to figure out at the moment, over time, something will evolve.

But it will most likely take a lot of time. This does not mean that you, the CISO, have an excuse for not taking proactive steps to mitigate the risk of this happening, if you are tasked with overseeing the IT side of a water supply system.

So, what can you do, you might be wondering?  Here are some steps that you can take:

1) Figure out where all of the data lies:

Yes, even a company that deals with the water supply has large amounts of data that it collects and stores. But many times, when CISOs are asked if they know where their company’s data is stored, they very often go “Huh?” There is no excuse for this, IMHO. Take the time to figure out where the datasets reside, and how they are stored. Create data maps so that you will also have a visual to refer to.

2) Conduct Risk Assessments:

When this term is used, the image of doing this on digital assets often comes to mind. But this kind of methodology can also be used for Critical Infrastructure, even the water supply systems. In this regard, take close stock of what is protecting your databases. This is one of the first areas that a Cyberattacker will go after, so you will need to make sure that you have at least some controls in place. While putting in new ones may not be an option right now, you could certainly explore the possibilities of optimizing the existing ones.

3) Look at network traffic:

Even with the legacy technologies that are in place, there is still network traffic. Take the time to analyze this, and make sure that all of the internal traffic is always encrypted. Perhaps even consider upgrading your firewalls, routers, hubs, network intrusion devices, etc. Interoperability with the legacy systems should not be an issue here, as you are just trying to fortify the lines of defense for the flows of network traffic.

4) Update the documentation:

More than likely, the documentation that comes with a piece of Critical Infrastructure will be outdated. Therefore, take the time to try to update it. This will be very crucial if indeed you are impacted by a security breach. Of course, this also underscores the importance of Incident Response/Disaster Recovery/Business Continuity planning as well.

My Thought On This:

Unfortunately, we will be seeing many more Supply Chain Attacks just like the CrowdStrike one. But rather than having digital assets being impacted, it will be our Critical Infrastructure. Remember the days of 9/11?

Well, instead of planes crashing into buildings, we could very likely see major attacks hitting our Critical Infrastructure in the large cities here in the United States, but in a simultaneous fashion. This is something I don’t even want to think about, but the harsh reality is that it could very well happen.

And the worst part yet is, how long will it take to recover? Weeks? Months? Something to think about, especially for you, the CISO.
